Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVEs (1,771)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-10770 1Envothemes 1Envo Extra Jan 29, 2025 Nov 9, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included...Show more The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.Show less
CVE-2024-10669 - - Nov 12, 2024 Nov 9, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Countdown Timer block – Display the event's date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the [ctb] shortcode due to insufficient r...Show more The Countdown Timer block – Display the event's date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the [ctb] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.Show less
CVE-2024-10667 - - Nov 12, 2024 Nov 9, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Content Slider Block plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1.5 via the [csb] shortcode due to insufficient restrictions on which posts can be included. Thi...Show more The Content Slider Block plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1.5 via the [csb] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.Show less
CVE-2024-10693 1Sktthemes 1Skt Addons For Elementor Mar 6, 2025 Nov 9, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The SKT Addons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.3 via the Unfold widget due to insufficient restrictions on which posts can be included. Thi...Show more The SKT Addons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.3 via the Unfold widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.Show less
CVE-2024-9262 - - Apr 8, 2026 Nov 9, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1.1 via the getUser() due to missing validati...Show more The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1.1 via the getUser() due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to obtain user meta values from form fields. Please note that this requires a site administrator to create a form that displays potentially sensitive information like password hashes. This may also be exploited by unauthenticated users if the 'user-meta-public-profile' shortcode is used insecurely.Show less
CVE-2024-10779 1Codeless 1Cowidgets Elementor Addons Jan 29, 2025 Nov 9, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.0 via the 'ce_template' shortcode due to insufficient restrictions on which posts can...Show more The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.0 via the 'ce_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.Show less
CVE-2024-52313 1Amazon 1Data.all Oct 14, 2025 Nov 9, 2024 5.3 MEDIUM· v4 4.3 MEDIUM· v3 N/A· v2 An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the o...Show more An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all.Show less
CVE-2024-43438 1Moodle 1Moodle Aug 5, 2025 Nov 7, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report.
CVE-2024-51559 163moons 2Aero Wave 2.0 Nov 22, 2024 Nov 4, 2024 7.1 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unau...Show more This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts.Show less
CVE-2024-48217 - - Nov 5, 2024 Nov 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation.
CVE-2024-37277 1Strangerstudios 1Paid Memberships Pro Jan 22, 2025 Nov 1, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Paid Memberships Pro: from n/a through 3.0.4.
CVE-2024-10654 1Totolink 1Lr350 Firmware Mar 10, 2025 Nov 1, 2024 6.9 MEDIUM· v4 9.1 CRITICAL· v3 5.0 MEDIUM· v2 A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument a...Show more A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.3.5u.6698_B20230810 is able to address this issue. It is recommended to upgrade the affected component.Show less
CVE-2024-51066 1Phpgurukul 1Beauty Parlour Management System Apr 4, 2025 Oct 31, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of othe...Show more An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers.Show less
CVE-2024-9700 1Wpmudev 1Forminator Forms Nov 25, 2024 Oct 31, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submit_quizzes() functio...Show more The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submit_quizzes() function due to missing validation on the 'entry_id' user controlled key. This makes it possible for unauthenticated attackers to modify other user's quiz submissions.Show less
CVE-2024-10452 1Grafana 1Grafana Nov 8, 2024 Oct 29, 2024 N/A· v4 2.7 LOW· v3 N/A· v2 Organization admins can delete pending invites created in an organization they are not part of.
CVE-2024-7474 1Lunary 1Lunary Jan 9, 2025 Oct 29, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does...Show more In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does not perform adequate checks on the 'id' parameter, allowing unauthorized access to external user data.Show less
CVE-2024-7473 1Lunary 1Lunary Nov 3, 2024 Oct 29, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulatin...Show more An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3.Show less
CVE-2024-50483 1Tareqhasan 1Meetup Apr 23, 2026 Oct 28, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation.This issue affects Meetup: from n/a through <= 0.1.
CVE-2024-10439 1Sun.net 1Ehrd Ctms Sep 25, 2025 Oct 28, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user.
CVE-2024-9637 1Igexsolutions 1Wpschoolpress Apr 8, 2026 Oct 26, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating...Show more The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with teacher-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.Show less

Previous 1...535455...89 Next